PRIVACY
POLICY

1. Introduction

This Privacy Policy describes how Nealys Media Private Limited ("Napptix", "we", "us", or "our"), operating under the brand name Wizora, collects, uses, and protects information through our ad serving technology platform accessible at wizora.io and all associated subdomains (collectively, the "Platform"). This policy applies to all services operated under the wizora.io domain and its subdomains, including but not limited to ad serving, video ad delivery, impression and event tracking, and static asset delivery.

2. Scope of This Policy

This policy covers all data processing activities conducted through the following domains and subdomains:

• ads.wizora.io and its format-specific subdomains (v.ads, h.ads, b.ads, m.ads, ctv.ads) for ad creative serving
• vast.wizora.io for VAST XML ad tag delivery
• track.wizora.io and its format-specific subdomains (v.track, h.track, b.track, m.track, vast.track, ctv.track) for impression, click, and video event tracking
• asset.wizora.io and cdn.wizora.io for creative asset delivery

This policy applies to end users who view or interact with advertisements served through our Platform, advertisers and publishers who use our technology, and visitors to the wizora.io website.

3. Information We Collect

3.1 Non-Personally Identifiable Information

When an advertisement is served or interacted with through our Platform, we may automatically collect the following non-personally identifiable information:

• IP address (used solely for geographic targeting and network classification)
• Browser type and version via User-Agent string
• Device type (desktop, mobile, tablet, or connected TV)
• Operating system information
• Screen resolution
• Ad interaction events (impressions, clicks, video quartile progress such as start, first quartile, midpoint, third quartile, and complete)
• Timestamp of ad events
• Referring page URL
• Language preferences

We do not collect or process any personally identifiable information (PII) such as names, email addresses, phone numbers, physical addresses, or government-issued identifiers through our ad serving technology.

3.2 Information We Do Not Collect

• We do not collect, store, or process any personally identifiable information through ads served on our Platform
• We do not create user profiles for behavioral advertising or retargeting purposes
• We do not build audience segments targeted at children under 13 years of age
• We do not use hyperlocal geotargeting via GPS, especially in mobile ad contexts
• We do not perform browser packet-sniffing
• We do not use Flash cookies or Local Shared Objects (LSOs)
• We do not perform impression-level page scraping
• We do not use cross-site cookie matching or cookie syncing between different third parties
• We do not sell, rent, or share user data with third parties for their own independent use

4. How We Use Collected Information

The information we collect is used for the following purposes:

• Ad delivery and serving (ensuring the correct creative is displayed to the appropriate device and format)
• Geographic targeting based on IP address (country, region, or city level only)
• Campaign reporting and analytics for advertisers and publishers
• Frequency capping (limiting the number of times an ad is shown)
• Fraud detection and invalid traffic filtering
• Platform performance monitoring and optimization
• Billing and financial reconciliation between advertising parties
• Carbon emission measurement and sustainability reporting for advertising campaigns

We use IP addresses exclusively for geographic targeting and network classification purposes. IP-based data may be used to determine the user's approximate location at a country, region, or city level, and to classify network type for carbon emission reporting. We do not use IP addresses for individual user tracking, behavioral profiling, or any form of cross-site identification.

5. Cookies and Tracking Technologies

5.1 What We Use

Our Platform uses the following tracking mechanisms: HTTP cookies for frequency capping and campaign attribution, and server-side event logging via our edge computing infrastructure for impression, click, and video quartile event tracking. All cookies set by our Platform have a lifetime that does not exceed two (2) years, unless it is an opt-out cookie which may persist longer to respect your preference. We do not use Flash cookies, Local Shared Objects, or browser fingerprinting techniques for cross-site tracking or behavioral advertising.

5.2 Server-Side Event Logging

When an ad is served or interacted with, our servers record event data including the type of event (impression, click, video progress), a timestamp, anonymized technical parameters (device type, browser category, geographic region), and campaign-related identifiers. This logging is performed server-side and is used exclusively for aggregate reporting, billing, and platform performance purposes. It is not used for user-level profiling or retargeting.

6. Data Sharing and Disclosure

We do not sell user data. We may share aggregated, non-personally identifiable data with advertisers and publishers for campaign reporting purposes. Each advertiser or publisher client owns the data collected from their own campaigns. We do not share data across different clients and use only aggregated data for system improvements.

We may disclose information if required to do so by law, regulation, or legal process, or if we believe in good faith that such disclosure is necessary to protect our rights, protect the safety of users or the public, or to investigate fraud or respond to a government request.

7. Data Security

We implement appropriate technical and organizational measures to protect the information we process:

• All data transmission between users, publishers, and our servers is encrypted using SSL/TLS (HTTPS) with SHA-256 certificates
• Our ad serving infrastructure operates on a globally distributed edge computing network with enterprise-grade security
• All creative assets are scanned for malware and malicious content before activation on our Platform
• Access to data systems is restricted to authorized personnel only

8. Data Retention

Ad event data (impressions, clicks, video events) is retained for as long as necessary to fulfill the purposes described in this policy, typically for the duration of an advertising campaign plus a reasonable period thereafter for reporting, billing reconciliation, and dispute resolution. Aggregated analytics data that cannot be used to identify any individual may be retained indefinitely for trend analysis and system improvement purposes.

9. Your Choices and Opt-Out

We respect your right to control how your information is used. You may opt out of any cookie or tracking mechanism set by Wizora by visiting our opt-out page.

Please note that opting out does not mean you will stop seeing ads; it means that the ads you see will not be tracked by our Platform for reporting purposes. If you clear your browser cookies, you will need to opt out again.

You may also control cookies through your browser settings, or use these industry opt-out tools:

• NAI Opt-Out — Network Advertising Initiative
• DAA Opt-Out — Digital Advertising Alliance
• Google Ads Preferences

10. Children's Privacy

Our Platform is not directed at children under the age of 13, and we do not knowingly collect information from children under 13. We do not create or maintain audience segments targeted at children. If we become aware that we have inadvertently collected information from a child under 13, we will take steps to delete such information promptly.

11. Industry Standards and Self-Regulatory Compliance

Wizora adheres to general data collection, usage, and ad targeting practices in accordance with the principles established by the Network Advertising Initiative (NAI) Self-Regulatory Code of Conduct for Online Behavioral Advertising and the IAB (Interactive Advertising Bureau) Good Practice Principles for Online Behavioral Advertising. We are committed to maintaining transparency, accountability, and consumer choice in all our advertising technology operations.

12. International Data Transfers

Wizora is operated by Nealys Media Private Limited, a company incorporated in India. Our ad serving infrastructure utilizes a globally distributed edge computing network, which means ad serving and event logging may occur at edge locations worldwide. By interacting with advertisements served through our Platform, you acknowledge that your information may be processed in jurisdictions outside your country of residence.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will update the "Last Updated" date at the top of this policy and post the revised policy on our website. We encourage you to review this policy periodically.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at: